Got Containers? You’ll Need a Way to Monitor Them

The use of containers is growing rapidly. In a June 2016 survey conducted by Cloud Foundry and ClearPath Strategies, 64% of respondents said they plan to mainstream the use of containers in the next year. As the use of containers proliferates, it is essential to address monitoring to improve the performance, usage and troubleshooting of containers. However, effective monitoring requires an analytics-driven approach that not only informs developers and operations of what’s happening, but also offers those teams the ability to dig into their container usage and performance data to gain actionable insight.

What happens when something goes wrong?

When there is a problem, it is critical to quickly gain visibility into the specific details of the event. Errors in the applications running in containers are the most common source of container problems, but they are not the only one. Container issues may result from a problem with the underlying infrastructure, such as the operating system, storage, network, database or other component.

Therefore, container-monitoring solutions must have visibility and analytical capabilities that help users identify the source of the problem. Failure to do this quickly and accurately may result in longer downtime, which can lead to substantial cost and risk for the organization.

Key capabilities of an effective container-monitoring solution

Containers have unique characteristics that will impact what monitoring solutions an organization should choose. Among these characteristics is the fact that containers are ephemeral and can be started and stopped in a matter of seconds. This requires a monitoring solution that can leverage logging and metrics interfaces, as well as retain information about that container after it is no longer running. Further, the container-monitoring solution must have not only the ability to analyze more than just the container, but also provide insight into the availability, performance and usage of other components of the application stack.

Perhaps the most important requirement for effective and efficient container monitoring is to have a solution that is native to the container. The logging driver is the source of critical information about the container that can be implemented by simply configuring how containers are defined or run. Using an embedded solution allows for better performance, as the monitoring tool is not competing for resources with other processes.

The final component of an effective solution is an analytics-based approach, which makes it easier to evaluate and act on the information surfaced by the monitoring solution. The dashboard often will be the starting point for remediating problems that occur in containers. Additionally, the dashboard must support the ability to dive deeply into the logs and metrics in order to gain the detailed information necessary for effective remediation.

A path toward better container monitoring

Splunk Enterprise or Splunk Cloud provide the starting point for container monitoring. Machine data is easily communicated from your containers to your Splunk software by using the Splunk Logging Driver for Docker. With this driver, you can retrieve the Docker container information from the containers and monitor logs seamlessly. This is a simple task, as the Docker Driver for Splunk is built into Docker.

For optimal container monitoring, it is critical to analyze all data sources from the container, which include container/microservice logs, container metrics/events, container clusters, nodes and applications, application logs and wire data. Using the above Splunk products, you can correlate container data with data from other tiers, which will deliver a full picture of the environment.

The result is a comprehensive solution for container monitoring that provides ease of deployment and rapid time to value, and can be correlated with other data sources you’re using Splunk software for—providing you with an end-to-end perspective.